Vulnerability | ww.wp.xz.cn

Resolved marketeeringroup
(@marketeeringroup)

3 years ago

WP Engine reports of a vulnerability that allows an
attacker to target privileged authenticated users with malicious links that
make authenticated requests to WordPress on behalf of the user. An attacker could use this vulnerability to modify site configuration, including adding backdoors such as other WordPress administrators.

Do you have a patch for this or an updated version of the plugin available yet?

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Contributor ShareThis
(@sharethis)

2 years, 12 months ago

Hi @marketeeringroup,

Thanks for reporting this.

However, we think this is the same vulnerability that was reported to us in April, 2023 and was patched on version 8.4.7. You can see it in more detail here: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simple-share-buttons-adder/simple-share-buttons-adder-846-cross-site-request-forgery

It’s possible that WP Engine hasn’t updated their information on this and is still reporting the issue as open.

Best regards,

The ShareThis Technical Support team.

Anthony Hortin
(@ahortin)

2 years, 11 months ago

Hi,

Plesk and PatchStack is also reporting the vulnerability, so can you please look into this. Thanks

See: https://patchstack.com/database/vulnerability/simple-share-buttons-adder/wordpress-simple-share-buttons-adder-plugin-8-4-6-cross-site-request-forgery-csrf

Plugin Contributor ShareThis
(@sharethis)

2 years, 7 months ago

Hello,

Thank you for bringing this to our attention.

This vulnerability has been solved in a previous update. We have informed our engineering team about the fact that the issue still appears on Patchstack, they have made another review of the plugin and the tests indicate that the vulnerability has already been solved.

Our team is in contact with the Patchstack team so they can further review their report and update it on their website.

Best,
-ShareThis Support Team

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Vulnerability’ is closed to new replies.

6 replies
3 participants
Last reply from: ShareThis
Last activity: 2 years, 7 months ago
Status: resolved